Botan  2.13.0
Crypto and TLS for C++11
tiger.cpp
Go to the documentation of this file.
1 /*
2 * Tiger
3 * (C) 1999-2007 Jack Lloyd
4 *
5 * Botan is released under the Simplified BSD License (see license.txt)
6 */
7 
8 #include <botan/tiger.h>
9 #include <botan/loadstor.h>
10 #include <botan/exceptn.h>
11 
12 namespace Botan {
13 
14 std::unique_ptr<HashFunction> Tiger::copy_state() const
15  {
16  return std::unique_ptr<HashFunction>(new Tiger(*this));
17  }
18 
19 namespace {
20 
21 /*
22 * Tiger Mixing Function
23 */
24 inline void mix(secure_vector<uint64_t>& X)
25  {
26  X[0] -= X[7] ^ 0xA5A5A5A5A5A5A5A5;
27  X[1] ^= X[0];
28  X[2] += X[1];
29  X[3] -= X[2] ^ ((~X[1]) << 19);
30  X[4] ^= X[3];
31  X[5] += X[4];
32  X[6] -= X[5] ^ ((~X[4]) >> 23);
33  X[7] ^= X[6];
34 
35  X[0] += X[7];
36  X[1] -= X[0] ^ ((~X[7]) << 19);
37  X[2] ^= X[1];
38  X[3] += X[2];
39  X[4] -= X[3] ^ ((~X[2]) >> 23);
40  X[5] ^= X[4];
41  X[6] += X[5];
42  X[7] -= X[6] ^ 0x0123456789ABCDEF;
43  }
44 
45 }
46 
47 /*
48 * Tiger Compression Function
49 */
50 void Tiger::compress_n(const uint8_t input[], size_t blocks)
51  {
52  uint64_t A = m_digest[0], B = m_digest[1], C = m_digest[2];
53 
54  for(size_t i = 0; i != blocks; ++i)
55  {
56  load_le(m_X.data(), input, m_X.size());
57 
58  pass(A, B, C, m_X, 5); mix(m_X);
59  pass(C, A, B, m_X, 7); mix(m_X);
60  pass(B, C, A, m_X, 9);
61 
62  for(size_t j = 3; j != m_passes; ++j)
63  {
64  mix(m_X);
65  pass(A, B, C, m_X, 9);
66  uint64_t T = A; A = C; C = B; B = T;
67  }
68 
69  A = (m_digest[0] ^= A);
70  B = m_digest[1] = B - m_digest[1];
71  C = (m_digest[2] += C);
72 
73  input += hash_block_size();
74  }
75  }
76 
77 /*
78 * Copy out the digest
79 */
80 void Tiger::copy_out(uint8_t output[])
81  {
82  copy_out_vec_le(output, output_length(), m_digest);
83  }
84 
85 /*
86 * Tiger Pass
87 */
88 void Tiger::pass(uint64_t& A, uint64_t& B, uint64_t& C,
89  const secure_vector<uint64_t>& X,
90  uint8_t mul)
91  {
92  C ^= X[0];
93  A -= SBOX1[get_byte(7, C)] ^ SBOX2[get_byte(5, C)] ^
94  SBOX3[get_byte(3, C)] ^ SBOX4[get_byte(1, C)];
95  B += SBOX1[get_byte(0, C)] ^ SBOX2[get_byte(2, C)] ^
96  SBOX3[get_byte(4, C)] ^ SBOX4[get_byte(6, C)];
97  B *= mul;
98 
99  A ^= X[1];
100  B -= SBOX1[get_byte(7, A)] ^ SBOX2[get_byte(5, A)] ^
101  SBOX3[get_byte(3, A)] ^ SBOX4[get_byte(1, A)];
102  C += SBOX1[get_byte(0, A)] ^ SBOX2[get_byte(2, A)] ^
103  SBOX3[get_byte(4, A)] ^ SBOX4[get_byte(6, A)];
104  C *= mul;
105 
106  B ^= X[2];
107  C -= SBOX1[get_byte(7, B)] ^ SBOX2[get_byte(5, B)] ^
108  SBOX3[get_byte(3, B)] ^ SBOX4[get_byte(1, B)];
109  A += SBOX1[get_byte(0, B)] ^ SBOX2[get_byte(2, B)] ^
110  SBOX3[get_byte(4, B)] ^ SBOX4[get_byte(6, B)];
111  A *= mul;
112 
113  C ^= X[3];
114  A -= SBOX1[get_byte(7, C)] ^ SBOX2[get_byte(5, C)] ^
115  SBOX3[get_byte(3, C)] ^ SBOX4[get_byte(1, C)];
116  B += SBOX1[get_byte(0, C)] ^ SBOX2[get_byte(2, C)] ^
117  SBOX3[get_byte(4, C)] ^ SBOX4[get_byte(6, C)];
118  B *= mul;
119 
120  A ^= X[4];
121  B -= SBOX1[get_byte(7, A)] ^ SBOX2[get_byte(5, A)] ^
122  SBOX3[get_byte(3, A)] ^ SBOX4[get_byte(1, A)];
123  C += SBOX1[get_byte(0, A)] ^ SBOX2[get_byte(2, A)] ^
124  SBOX3[get_byte(4, A)] ^ SBOX4[get_byte(6, A)];
125  C *= mul;
126 
127  B ^= X[5];
128  C -= SBOX1[get_byte(7, B)] ^ SBOX2[get_byte(5, B)] ^
129  SBOX3[get_byte(3, B)] ^ SBOX4[get_byte(1, B)];
130  A += SBOX1[get_byte(0, B)] ^ SBOX2[get_byte(2, B)] ^
131  SBOX3[get_byte(4, B)] ^ SBOX4[get_byte(6, B)];
132  A *= mul;
133 
134  C ^= X[6];
135  A -= SBOX1[get_byte(7, C)] ^ SBOX2[get_byte(5, C)] ^
136  SBOX3[get_byte(3, C)] ^ SBOX4[get_byte(1, C)];
137  B += SBOX1[get_byte(0, C)] ^ SBOX2[get_byte(2, C)] ^
138  SBOX3[get_byte(4, C)] ^ SBOX4[get_byte(6, C)];
139  B *= mul;
140 
141  A ^= X[7];
142  B -= SBOX1[get_byte(7, A)] ^ SBOX2[get_byte(5, A)] ^
143  SBOX3[get_byte(3, A)] ^ SBOX4[get_byte(1, A)];
144  C += SBOX1[get_byte(0, A)] ^ SBOX2[get_byte(2, A)] ^
145  SBOX3[get_byte(4, A)] ^ SBOX4[get_byte(6, A)];
146  C *= mul;
147  }
148 
149 /*
150 * Clear memory of sensitive data
151 */
153  {
155  zeroise(m_X);
156  m_digest[0] = 0x0123456789ABCDEF;
157  m_digest[1] = 0xFEDCBA9876543210;
158  m_digest[2] = 0xF096A5B4C3B2E187;
159  }
160 
161 /*
162 * Return the name of this type
163 */
164 std::string Tiger::name() const
165  {
166  return "Tiger(" + std::to_string(output_length()) + "," +
167  std::to_string(m_passes) + ")";
168  }
169 
170 /*
171 * Tiger Constructor
172 */
173 Tiger::Tiger(size_t hash_len, size_t passes) :
174  MDx_HashFunction(64, false, false),
175  m_X(8),
176  m_digest(3),
177  m_hash_len(hash_len),
178  m_passes(passes)
179  {
180  if(output_length() != 16 && output_length() != 20 && output_length() != 24)
181  throw Invalid_Argument("Tiger: Illegal hash output size: " +
183 
184  if(passes < 3)
185  throw Invalid_Argument("Tiger: Invalid number of passes: "
186  + std::to_string(passes));
187  clear();
188  }
189 
190 }
fe X
Definition: ge.cpp:27
void clear() override
Definition: mdx_hash.cpp:41
std::string name() const override
Definition: tiger.cpp:164
constexpr uint8_t get_byte(size_t byte_num, T input)
Definition: loadstor.h:41
std::string to_string(const BER_Object &obj)
Definition: asn1_obj.cpp:213
size_t hash_block_size() const override final
Definition: mdx_hash.h:35
Tiger(size_t out_size=24, size_t passes=3)
Definition: tiger.cpp:173
void clear() override
Definition: tiger.cpp:152
T load_le(const uint8_t in[], size_t off)
Definition: loadstor.h:123
Definition: alg_id.cpp:13
size_t output_length() const override
Definition: tiger.h:24
fe T
Definition: ge.cpp:37
std::vector< T, secure_allocator< T > > secure_vector
Definition: secmem.h:65
std::unique_ptr< HashFunction > copy_state() const override
Definition: tiger.cpp:14
void zeroise(std::vector< T, Alloc > &vec)
Definition: secmem.h:160
void copy_out_vec_le(uint8_t out[], size_t out_bytes, const std::vector< T, Alloc > &in)
Definition: loadstor.h:694